Our Blog

How To Create Strong, Memorable Passwords

One of the most common causes of websites and online accounts being hacked is weak passwords. Many people create simple passwords because anything more complex than a date or a simple word can be difficult to remember.

I recently created a video that shows how long it might take to crack a password, given a certain length and complexity, and how you can create passwords that are easy to remember AND virtually impossible to crack.

Sound impossible? Read on and I’ll explain and I’ll provide a link to the video at the end of this article.

If there’s one thing us humans are good at it is remembering patterns. We can recite the alphabet in our first year of school (or earlier) and most of us are fairly good at mental arithmetic. That’s because there are patterns and consistency in the alphabet and numbers.

Unfortunately, passwords that are made up from numbers and/or letters are the easiest to crack. Let me digress briefly and explain what this ‘cracking’ is about.

The act of trying to illegally obtain passwords is called ‘cracking’. The most common type of attack on online and stolen passwords is known as a ‘brute force’ attack. Put simply, the attacker has a program that runs through the most commonly used usernames and passwords (e.g. admin/admin, admin/password) in an attempt to stumble upon a combination that works. They will usually have a ‘dictionary’ containing hundreds or thousands of popular username/password combinations.

After exhausting the dictionary the next step is to sequentially step through numbers, symbols and the alphabet until all possible combinations are exhausted. For example, if we were just using the lower case alphabet and we were stepping through all combinations up to six letters the sequence would start with the letter ‘a’ and the final sequence would be ‘zzzzzz’.

By adding a broader range of characters and more length to a password we make it stronger. This is why some sites enforce a password policy that says your password must include upper case, lower case and at least one punctuation character. This greatly increases the number of characters a brute force attack would need to use in order to crack that password.

Unfortunately, while most of us are good with street addresses, telephone numbers and birth dates – we have difficulty remembering sequences of characters that include upper case, lower case and punctuation. To get around this difficulty we can use what I call ‘password templates’.

The basic idea is to use a password that includes a word that starts with a capital letter, followed by a sequence of characters that is easy to remember, followed by something common to the site you are signing into.

For example… let’s say my sequence is going to be my dog’s name, followed by some smiley faces and then the first part of the domain I am logging into. Here’s how it would look for my GMail, Hotmail and bank account:

Amber:)(:gmail
Amber:)(:hotmail
Amber:)(:commonwealth

I can tell you that if you were using a super computer that could do 100 trillion guesses per second, the shortest of those passwords would take more than 38,000 years to crack. Not many cyber criminals have access to a super computer, so the average fast computer would take more than 3,890,000 years.

That’s an incredibly strong password and yet it is not at all difficult to remember. So don’t be fooled into believing that a strong password has to look something like 23eRRt5%#@! – it honestly doesn’t.

If you use a ‘password template’ you CAN have a virtually uncrackable password that is really easy to remember!